pam_mkhomedir 777 on parent directory
Joey Trungale
joeyt at victoriacollege.edu
Mon Oct 18 19:05:06 UTC 2004
It turns out I was using an old version of sshd that came with RH.
OpenSSH 3.9x works without problems when using pam_mkhomedir.
Permissions no longer have to be 777. Thanks to all that replied!
On Thu, 2004-10-14 at 10:46 +1000, Darren Tucker wrote:
> Thorsten Kukuk wrote:
> > On Wed, Oct 13, Joey Trungale wrote:
> >>I have sshd using pam_mkhomedir to create home directories as users are
> >>authenticated with pam_winbind. The home directory setup
> >>is /home/NT_DOMAIN/username. The only problem with this is that
> >>NT_DOMAIN must be 777 in order for pam to be able to create the user's
> >>directory in it. I'm guessing this is because pam drops privs before it
> >>gets to this point...maybe it's run as the user. [...]
>
> > Has nothing to do with PAM, is a typical sshd problem.
>
> Correction: it *was* a typical (OpenSSH) sshd problem. Recent versions
> (>3.7x) will run pam_session and pam_setcred as root even with
> UsePrivilegeSeparation=yes.
>
> We've been working to improve the PAM support in OpenSSH. If you've got
> a module that doesn't work with (the current version of) OpenSSH, please
> report it. I don't guarantee it will be made to work, but I do promise
> to look at it.
>
> OpenSSH's PAM support will never be perfect (because of the mismatches
> between the SSH protocol and the PAM API, and because it's harder to do
> PAM in a privilege separated environment like OpenSSH) but it can be
> improved.
>
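
Once sshd runs the session modules as root, as this thread describes, a parent directory such as /home/NT_DOMAIN no longer needs the 777 workaround. The following is an added example, not part of the original messages: a POSIX shell audit that finds such leftover world-writable parent directories and tightens them. The function names, the OTHER_DOMAIN sample directory and the 755 target mode are assumptions.

```shell
#!/bin/sh
# Added example: audit for parent directories left world-writable by the
# "777" workaround discussed in the thread. All paths are constructed samples.

# Print each direct subdirectory of $1 (e.g. /home) that has the
# other-write bit set, i.e. a per-domain parent directory in which any
# local user could create or replace entries.
list_world_writable_parents() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue      # glob matched nothing
        d=${d%/}
        [ -L "$d" ] && continue      # ignore symlinks to directories
        # -prune stops find from descending; -perm -0002 means other-write set
        find "$d" -prune -type d -perm -0002 -print
    done
}

# Tighten every directory reported above. 755 is an assumed target mode:
# a root-owned parent is sufficient when pam_mkhomedir runs as root.
fix_world_writable_parents() {
    list_world_writable_parents "$1" | while IFS= read -r d; do
        chmod 755 "$d" && printf 'fixed %s\n' "$d"
    done
}

# Constructed demo: a throwaway tree standing in for /home.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/NT_DOMAIN" "$tmp/OTHER_DOMAIN"
    chmod 777 "$tmp/NT_DOMAIN"       # the workaround from the thread
    chmod 755 "$tmp/OTHER_DOMAIN"
    echo "before:"; list_world_writable_parents "$tmp"
    fix_world_writable_parents "$tmp"
    echo "after:";  list_world_writable_parents "$tmp"
    rm -rf "$tmp"
}
demo
```

Run the listing function against the real home base first and review its output before calling the fix function.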